Unrestricted File Upload in code-projects Online Examination System
CVE-2026-1423
Key Information:
- Vendor
Code-projects
- Vendor
- CVE Published:
- 26 January 2026
Badges
What is CVE-2026-1423?
The Online Examination System (version 1.0) by code-projects contains a vulnerability in the /admin_pic.php file, which allows attackers to carry out unrestricted file uploads. This weakness enables an attacker to manipulate the upload functionality remotely, potentially leading to unauthorized code execution. The exploit has been publicly disclosed, making it crucial for users to address this security issue. Mitigation steps are recommended to safeguard against potential attacks leveraging this vulnerability.
Affected Version(s)
Online Examination System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
